It 2352 Cryptography and Network Security

IT 2352 – CRYPTOGRAPHY AND NETWORK SECURITY

DEPARTMENT OF Computer Science & Engineering

QUESTION BANK

UNIT I

PART-A (2 MARKS)

1. Specify the four categories of security threats.

*Interruption

*Interception

*Modification

*Fabrication

2. Explain active and passive attack with example.

Passive attack: Monitoring the message during transmission. Eg: Interception

Active attack: It involves the modification of the data stream or the creation of a false data stream. Eg: Fabrication, Modification, and Interruption

3. Define integrity and non repudiation.

Integrity: Service that ensures that only an authorized person is able to modify the message.

Non repudiation: This service helps to prove that the person who denies the transaction is true or false.

4. Differentiate symmetric and asymmetric encryption?

Symmetric: It is a form of cryptosystem in which encryption and decryption are performed using the same key. Eg: DES, AES

Asymmetric: It is a form of cryptosystem in which encryption and decryption are performed using two keys. Eg: RSA, ECC

5. Define cryptanalysis?

It is a process of attempting to discover the key or plaintext or both.

6. Compare stream cipher with block cipher with example.

Stream cipher: Processes the input stream continuously, producing one element at a time. Example: Caesar cipher.

Block cipher: Processes the input one block of elements at a time producing an output block for each input block. Example: DES.

7. Define security mechanism

It is a process that is designed to detect, prevent, or recover from a security attack.

Example: Encryption algorithm, Digital signature, Authentication protocols.

8. Differentiate unconditionally secured and computationally secured.

An encryption algorithm is unconditionally secured if the cipher text generated by the encryption scheme doesn't contain enough information to determine the corresponding plaintext.

Encryption is computationally secured means,

  1. The cost of breaking the cipher exceeds the value of the information.
  2. The time required to break the cipher exceeds the useful lifetime of the information.

9. Define steganography

Hiding the message into some cover media. It conceals the existence of a message.

10. Why network need security?

When systems are connected through the network, attacks are possible during transmission time.

11. Define Encryption

The process of converting from plaintext to cipher text.

12. Specify the components of encryption algorithm.

(a) Plaintext (b) Encryption algorithm (c) Secret key (d) Cipher text (e) Decryption algorithm

13. Define confidentiality and authentication

Confidentiality: It means how to maintain the secrecy of a message. It ensures that the information in a computer system and transmitted information are accessible only for reading by an authorised person.

Authentication: It helps to prove that the source entity only has involved the transaction.

14. Define cryptography.

It is the science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.

15. Compare Substitution and Transposition techniques.

SUBSTITUTION: A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. Eg: Caesar cipher.

TRANSPOSITION: It means a different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. Eg: DES, AES.

16. Define Diffusion & Confusion.

Diffusion:

It means each plaintext digit affects the values of many ciphertext digits, which is equivalent to saying that each ciphertext digit is affected by many plaintext digits. It can be achieved by performing permutation on the data. It is the relationship between the plaintext and ciphertext.

Confusion:

It can be achieved by substitution algorithm. It is the relationship between cipher text and key.

17. What are the design parameters of Feistel cipher network?

*Block size

*Key size

*Number of Rounds

*Sub key generation algorithm

*Round function

*Fast software Encryption/Decryption

*Ease of analysis

18. Define Product cipher.

It means two or more basic ciphers are combined, and the resultant cipher is called the product cipher.

19. Explain Avalanche effect.

A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produces a significant change in the ciphertext. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext. If the change is small, this might provide a way to reduce the size of the plaintext or key space to be searched.

20. Give the five modes of operation of Block cipher.

  1. Electronic Codebook (ECB)
  2. Cipher Block Chaining (CBC)
  3. Cipher Feedback (CFB)
  4. Output Feedback (OFB)
  5. Counter (CTR)

21. State advantages of counter mode.

*Hardware Efficiency

*Software Efficiency

*Preprocessing

*Random Access

*Provable Security

*Simplicity

22. Define Multiple Encryption.

It is a technique in which the encryption is used multiple times. Eg: Double DES, Triple DES

23. Specify the design criteria of block cipher.

Number of rounds

Design of the function F

Key scheduling

24. Define Reversible mapping.

Each plain text maps to a unique cipher text. This transformation is called reversible mapping.

25. Specify the basic task for defining a security service.

A service that enhances the security of the data processing systems and the information transfer of an organization. The services are intended to counter security attack, and they make use of one or more security mechanism to provide the service.

26. What is the difference between link and end to end encryption?

Link Encryption:

  1. With link encryption, each vulnerable communication link is equipped on both ends with an encryption device.
  2. Message exposed in sending host and in intermediate nodes.
  3. Transparent to user.
  4. Host maintains encryption facility.
  5. One facility for all users.
  6. Can be done in hardware.
  7. Provides host authentication.
  8. Requires one key per (host-intermediate) pair and (intermediate-intermediate) pair.

End to End Encryption:

  1. With end to end encryption, the encryption process is carried out at the two end systems.
  2. Message encrypted in sending and intermediate nodes.
  3. User applies encryption.
  4. Users must determine algorithm.
  5. Users select encryption scheme.
  6. Software implementations.
  7. Provides user authentication.
  8. Requires one key per user pair.

27. What is traffic Padding? What is its purpose?

Traffic padding produces ciphertext output continuously, even in the absence of plain text. A continuous random data stream is generated. When plain text is available, it is encrypted and transmitted. When input plaintext is not present, random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and padding, and therefore impossible to deduce the amount of traffic.

28. List the evaluation criteria defined by NIST for AES?

The evaluation criteria for AES are as follows:

1. Security

2. Cost

3. Algorithm and implementation characteristics

29. What is Triple Encryption? How many keys are used in triple encryption?

Triple Encryption is a technique in which encryption algorithm is performed three times using three keys.

PART-B

1. Explain
   (a) Playfair cipher (8)
   (b) Vernam cipher in detail. (8)
2. Explain simplified DES with example. (16)
3. Write short notes on i) Steganography (16)
4. Explain classical Encryption techniques in detail. (16)
5. Write short notes on
   (a) Security services (8)
   (b) Feistel cipher structure (8)
6. Explain Data Encryption Standard (DES) in detail. (16)
7. How AES is used for encryption/decryption? Discuss with example. (16)
8. List the evaluation criteria defined by NIST for AES. (16)

UNIT II

PART-A (2 MARKS)

1. Differentiate public key and conventional encryption?

Conventional Encryption:

  1. The same algorithm with the same key is used for encryption and decryption.
  2. The sender and receiver must share the algorithm and the key.
  3. The key must be secret.
  4. It must be impossible or at least impractical to decipher a message if no other information is available.
  5. Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key.

Public key Encryption:

  1. One algorithm is used for encryption and decryption with a pair of keys, one for encryption and another for decryption.
  2. The sender and receiver must each have one of the matched pair of keys.
  3. One of the two keys must be kept secret.
  4. It must be impossible or at least impractical to decipher a message if no other information is available.
  5. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.

2. What are the principal elements of a public key cryptosystem?

The principal elements of a cryptosystem are:

Plain text

Encryption algorithm

Public and private key

Cipher text

Decryption algorithm

3. What are roles of public and private key?

The two keys used for public-key encryption are referred to as the public key and the private key. Invariably, the private key is kept secret and the public key is known publicly. Usually the public key is used for encryption purpose and the private key is used in the decryption side.

4. Specify the applications of the public key cryptosystem?

The applications of the public-key cryptosystem can be classified as follows:

Encryption/Decryption: The sender encrypts a message with the recipient’s public key.

Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to a message or to a small block of data that is a function of the message.

Key Exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

5. What requirements must a public key cryptosystem fulfill to be a secured algorithm?

The requirements of public-key cryptosystem are as follows:

  1. It is computationally easy for a party B to generate a pair (public key $KU_b$, private key $KR_b$).
  2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext: $C = E_{KU_b}(M)$
  3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: $M = D_{KR_b}(C) = D_{KR_b}[E_{KU_b}(M)]$
  4. It is computationally infeasible for an opponent, knowing the public key, $KU_b$, to determine the private key, $KR_b$.
  5. It is computationally infeasible for an opponent, knowing the public key, $KU_b$, and a ciphertext, C, to recover the original message, M.
  6. The encryption and decryption functions can be applied in either order: $M = E_{KU_b}[D_{KR_b}(M)] = D_{KU_b}[E_{KR_b}(M)]$

6. What is a one way function?

A one way function is one that maps the domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible.

7. What is a trapdoor one way function?

It is a function which is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time. It can be summarized as: A trapdoor one way function is a family of invertible functions $f_k$, such that

$Y = f_k(X)$ easy, if k and X are known

$X = f_k^{-1}(Y)$ easy, if k and Y are known

$X = f_k^{-1}(Y)$ infeasible, if Y is known but k is not known

8. Define Euler’s theorem and its application?

Euler’s theorem states that for every a and n that are relatively prime:

$a^{\Phi(n)} \equiv 1 \pmod{n}$

9. Define Euler’s totient function or phi function and their applications?

The Euler’s totient function states that, it should be clear for a prime number p,

Φ(p)=p-1

10. Describe in general terms an efficient procedure for picking a prime number?

The procedure for picking a prime number is as follows:

  1. Pick an odd integer n at random (eg., using a pseudorandom number generator).
  2. Pick an integer a<n at random.
  3. Perform the probabilistic primality test, such as Miller-Rabin. If n fails the test, reject the value n and go to step 1.
  4. If n has passed a sufficient number of tests, accept n; otherwise, go to step 2.

11. Define Fermat Theorem?

Fermat Theorem states the following: If p is prime and a is a positive integer not divisible by p, then $a^{p-1} \equiv 1 \pmod{p}$

12. List four general characteristics of schema for the distribution of the public key?

The four general characteristics for the distribution of the public key are

  1. Public announcement
  2. Publicly available directory
  3. Public-key authority
  4. Public-key certificate

13. What are essential ingredient of the public key directory?

The essential ingredients of the public key directory are as follows:

  1. The authority maintains a directory with a {name, public key} entry for each participant.
  2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
  3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way.
  4. Periodically, the authority publishes the entire directory or updates to the directory. For example, a hard-copy version much like a telephone book could be published, or updates could be listed in a widely circulated newspaper.
  5. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.

14. Find gcd (1970, 1066) using Euclid’s algorithm?

gcd(1970,1066) = gcd(1066, 1970 mod 1066)

= gcd(1066,904)

= 2

15. What is the primitive root of a number?

We can define a primitive root of a number p as one whose powers generate all the integers from 1 to p-1. That is p, if a is a primitive root of the prime number p then the numbers.

16. Determine the gcd (24140,16762) using Euclid’s algorithm.

Soln: We know, gcd(a, b) = gcd(b, a mod b)

gcd(24140,16762) = gcd(16762,7378)

= gcd(7378,2006)

= gcd(2006,1360)

= gcd(1360,646)

= gcd(646,68)

= gcd(68,34) = 34

gcd(24140,16762) = 34.

17. Perform encryption and decryption using RSA Alg. for the following. P=7; q=11; e=17; M=8.

Soln:

$n = pq = 7 \times 11 = 77$

$\Phi(n) = (p-1)(q-1) = 6 \times 10 = 60$

$e = 17$, $d = 27$

$C = M^e \bmod n = 8^{17} \bmod 77 = 57$

$M = C^d \bmod n = 57^{27} \bmod 77 = 8$

18. What is an elliptic curve?

The principal attraction of ECC, compared to RSA, is that it appears to offer equal security for a far smaller key size, thereby reducing processing overhead.

PART-B

1. State and explain the principles of public key cryptography. (16)
2. Explain Diffie Hellman key Exchange in detail with an example (16)
3. Explain the key management of public key encryption in detail (16)
4. Explain RSA algorithm in detail with an example (16)
5. Briefly explain the idea behind Elliptic Curve Cryptosystem. (16)

UNIT III

PART-A (2 MARKS)

1. What is message authentication?

It is a procedure that verifies whether the received message comes from the assigned source and has not been altered. It uses message authentication codes and hash algorithms to authenticate the message.

2. Define the classes of message authentication function.

Message encryption: The entire cipher text would be used for authentication.

Message Authentication Code: It is a function of message and secret key produce a fixed length value.

Hash function: Some function that map a message of any length to fixed length which serves as authentication.

3. What are the requirements for message authentication?

The requirements for message authentication are

  1. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.
  2. Traffic Analysis: Discovery of the pattern of traffic between parties. In a connection oriented application, the frequency and duration of connections could be determined. In either a connection oriented or connectionless environment, the number and length of messages between parties could be determined.

  3. Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or non-receipt by someone other than the message recipient.
  4. Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification.
  5. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and modification.
  6. Timing modification: Delay or replay of messages. In a connection oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message could be delayed or replayed.
  7. Source repudiation: Denial of transmission of message by source.
  8. Destination repudiation: Denial of receipt of message by destination.

4. What you meant by hash function?

A hash function accepts a variable size message M as input and produces a fixed size hash code H(M), called the message digest, as output. It is a variation on the message authentication code.

5. Differentiate MAC and Hash function?

MAC:

In Message Authentication Code, the secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct.

Hash Function:

The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not considered to be secret.

6. Any three hash algorithm.

•MD5 (Message Digest version 5) algorithm.

•SHA_1 (Secure Hash Algorithm).

•RIPEMD_160 algorithm.

7. What are the requirements of the hash function?

•H can be applied to a block of data of any size.

•H produces a fixed length output.

•H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.

8. What you meant by MAC?

MAC is Message Authentication Code. It is a function of the message and a secret key which produces a fixed length value called the MAC. $MAC = C_K(M)$